September 17, 2009, 12:00 AM

Eyeglasses e-retailer FramesDirect focuses on security to back its growth

With off-site storage of customer payment account data, web-only eyeglasses retailer FramesDirect.com has virtually eliminated the chance of cyber criminals stealing useful customer payment account data, chief financial officer Guy Hodgson says.

“We get online payment fraud attempts every day, at least 10 tries a day, but I can now say our customer account data is 100% safe from both external and inside threats,” Hodgson says. “I can actually sleep better at night.”

The data security system supports steady growth at FramesDirect, where sales are up about 10% or more this year over last year, Hodgson says. With the increased use of broadband Internet access, FramesDirect’s sales are being helped by more shoppers using the retailer’s Virtual Try-On feature that lets them see how eyeglass frames look on uploaded photos of themselves.

FramesDirect uses a secure storage system from CyberSource Corp. that stores customer payment account data on CyberSource’s protected servers as soon as FramesDirect customers enter their account information to make a purchase on FramesDirect.com. With the system, FramesDirect never has to store customer payment account data on its own infrastructure, which frees it from being liable for data theft, Hodgson says.

FramesDirect initially considered modifying its own infrastructure to make it compliant with the payment card industry’s data security standard, commonly called PCI, but found the CyberSource secure storage system an easier and faster route to becoming PCI compliant, Hodgson says. PCI compliance requires retailers to take several steps to prevent payment card account data from being stolen from their computer networks.

The secure storage system also includes tokenization of customer account data, which enables FramesDirect to continue working with customer account information without actually keeping the payment card account numbers within its own database and network infrastructure, Hodgson says. If a customer processes a chargeback for a payment transaction the customer doesn’t recognize, for example, FramesDirect can tie the token identifier for that particular payment transaction to the name of the customer, enabling the retailer to contact the customer if necessary to investigate the cause of the chargeback.

“I don’t want to keep more customer information than can be found in a public telephone book, so I can feel comfortable that we don’t have the information a crook would use to conduct payment fraud.”
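The tokenization arrangement described above, sketched as an added example that is not code from FramesDirect or CyberSource: a vault standing in for the provider's off-site storage holds the card number, while the retailer's records hold only a random token and a contact name, which is enough to resolve a chargeback. The class names, function names and the test card number are assumptions made for illustration.

```python
import secrets


class TokenVault:
    """Stand-in for the provider's off-site card storage (hypothetical API)."""

    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        # Random token: nothing about the card number can be derived from it.
        token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = digits
        return token

    def charge(self, token, amount_cents):
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        return "txn_" + secrets.token_hex(8)


class MerchantStore:
    """Retailer's own database: tokens and contact names, never card numbers."""

    def __init__(self, vault):
        self.vault = vault
        self.orders = {}

    def checkout(self, customer, pan, amount_cents):
        # Assumption: the card number is only passed through in memory here.
        token = self.vault.tokenize(pan)
        txn_id = self.vault.charge(token, amount_cents)
        self.orders[txn_id] = {"customer": customer, "token": token,
                               "amount_cents": amount_cents}
        return txn_id

    def chargeback_contact(self, txn_id):
        """Resolve a disputed transaction to a customer name via its record."""
        order = self.orders.get(txn_id)
        return order["customer"] if order else None


def merchant_holds_pan(store, pan):
    """True if the card number appears anywhere in the retailer's records."""
    return any(pan in str(v) for o in store.orders.values() for v in o.values())


if __name__ == "__main__":
    store = MerchantStore(TokenVault())
    txn = store.checkout("Pat Example", "4111 1111 1111 1111", 12900)  # constructed test data
    print(store.chargeback_contact(txn), merchant_holds_pan(store, "4111111111111111"))
```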
